vPrioritizer icon indicating copy to clipboard operation
vPrioritizer copied to clipboard

Published 20 hours ago verified publisher icon varchashva

Prioritization method

Open j--- opened this issue 3 years ago • 1 comments

Thanks for all the good work automating things here. It looks like an important project. Asset significance and vulnerability severity may not be the right concepts for the prioritization decision though. What are your thoughts on using something like SSVC? https://github.com/CERTCC/SSVC

It's mostly conceptual so far, but you've done the hard coding work already, the prioritization decision is a small plug-in that is available there, once the data is collected. What would it take to make the decision a bit more transparent along the lines of SSVC? Would that be worthwhile?

j--- avatar Sep 03 '20 15:09 j---

thanks @j--- , I will look into this surely.

varchashva avatar Sep 05 '20 08:09 varchashva